“In the wake of a massive data breach affecting Experian’s computers holding 15 million files of T-Mobile customers and applicants, we question why the firms are offering credit monitoring instead of paying to place credit, or security, freezes on all three of each victim’s credit reports. Only the security or credit freeze, available in any state, stops new account identity theft.Potential victims should freeze all of their “Big 3” credit reports from Experian, Equifax and TransUnion.

Reports indicate Experian lost data for 15 million customers and applicants of the wireless phone company T-Mobile, including names, addresses and birth dates and social security numbers, among other information breached from the consumer files.

First, this breach of 15 million records through an Experian server is completely outrageous, since credit bureaus are subject to very high security standards but losing Social Security Numbers -- the keys to new account identity theft – makes this breach much worse. That’s why placing security freezes is the only way to guarantee consumers peace of mind.

Worse, Experian, which lost the data, has offered its own branded “Protectmyid” credit monitoring. While reports indicate that T-Mobile is not happy and will offer an alternate credit monitoring service, that doesn’t solve the underlying problem:credit monitoring tells you only after you’ve been victimized. Only the freeze blocks a thief from obtaining new credit accounts in your name. Placing a freeze on all three of your credit reports prevents new account financial identity theft but credit monitoring does not.

We will have further comments on this developing story. We will also be asking the CFPB, FTC, Department of Justice and state attorneys general to investigate how Experian, subject to very high standards for the security of its own credit reports, had such a sloppy system for protecting T-Mobile customer data. How can all of the 200 million consumers with Experian credit reports trust that Experian really is protecting them?”